
RIPv2 Authentication (Enabling RIPv2 Authorization)


2007-06-13 14:13:19
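Copyright notice: original work. Reposting is permitted, provided that the original source, the author information and this notice are credited with a hyperlink. Otherwise legal action will be pursued. http://loveme23.blog.51cto.com/7891/29977
Lab source: 工大瑞普 Cisco network technology forum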

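1. Configure the interface IP addresses of each router according to the lab topology;
2. Use the ping command to verify connectivity between each pair of adjacent routers;
3. Configure RIP:
R1 configuration: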
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 10.1.1.0
Router(config-router)#network 172.16.1.0
Router(config-router)#passive-interface loopback 0
Router(config-router)#no auto-summary                    // disable automatic summarization
R2 configuration:
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 172.16.1.0
Router(config-router)#network 172.16.2.0
Router(config-router)#no auto-summary
R3 configuration:
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 10.2.2.0
Router(config-router)#network 172.16.2.0
Router(config-router)#passive-interface loopback 0
Router(config-router)#no auto-summary
4. Use the show ip protocols command to check the configured RIP protocol, for example on R1:
Router#show ip protocols
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 0 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    Serial1/1             2     2                                    
    Loopback0             2     2                                    
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    172.16.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    172.16.1.2           120      00:00:13
  Distance: (default is 120)
Then check the routing table on R2:
Router#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Serial1/0
C       172.16.2.0 is directly connected, Serial1/1
     10.0.0.0/24 is subnetted, 2 subnets
R       10.2.2.0 [120/1] via 172.16.2.1, 00:00:20, Serial1/1
R       10.1.1.0 [120/1] via 172.16.1.1, 00:01:43, Serial1/0
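Verify connectivity with the ping command (omitted here).
5. OK, now configure RIP authentication. As an example, configure it on R2 to authenticate R1:
Router(config)#key chain cisco      // define a key chain named cisco
Router(config-keychain)#key 1      // define the first key on the key chain
Router(config-keychain-key)#key-string key  // define the key string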
Router(config-keychain-key)#exit
Router(config-keychain)#exit
Router(config)#interface serial 1/0
Router(config-if)#ip rip authentication key-chain cisco  // enable RIP authentication on the interface, using key chain cisco
Router(config-if)#ip rip authentication mode md5  // set the authentication mode to MD5
Router(config-if)#exit
After configuring, wait a while, then use the debug ip rip command on R2 to look at the RIP debug output:
Router#debug ip rip
RIP protocol debugging is on
Router#
*Mar  1 00:07:34.643: RIP: received v2 update from 172.16.2.1 on Serial1/1
*Mar  1 00:07:34.643:      10.2.2.0/24 via 0.0.0.0 in 1 hops
*Mar  1 00:07:36.519: RIP: sending v2 update to 224.0.0.9 via Serial1/1 (172.16.2.2)
*Mar  1 00:07:36.519: RIP: build update entries
*Mar  1 00:07:36.519:   10.1.1.0/24 via 0.0.0.0, metric 2, tag 0
*Mar  1 00:07:36.523:   172.16.1.0/24 via 0.0.0.0, metric 1, tag 0
*Mar  1 00:07:42.539: RIP: ignored v2 packet from 172.16.1.1 (invalid authentication) // invalid authentication
*Mar  1 00:07:45.623: RIP: sending v2 update to 224.0.0.9 via Serial1/0 (172.16.1.2)
*Mar  1 00:07:45.623: RIP: build update entries
*Mar  1 00:07:45.623:   10.2.2.0/24 via 0.0.0.0, metric 2, tag 0
*Mar  1 00:07:45.627:   172.16.2.0/24 via 0.0.0.0, metric 1, tag 0
An invalid authentication was received from 172.16.1.1. Now check with show ip route:
Router#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, Serial1/0
C       172.16.2.0 is directly connected, Serial1/1
     10.0.0.0/24 is subnetted, 2 subnets
R       10.2.2.0 [120/1] via 172.16.2.1, 00:00:23, Serial1/1
R       10.1.1.0/24 is possibly down,
          routing via 172.16.1.1, Serial1/0
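This is different from what we saw at the beginning.
If we want R1 to keep exchanging updates with R2, the key must also be configured on R1, in the same way as on R2. (For ease of demonstration, I changed the authentication mode to text.) Then we debug on R2 again: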
Router#debug ip rip
RIP protocol debugging is on
Router#
*Mar  1 00:19:24.475: RIP: received packet with text authentication key
*Mar  1 00:19:24.475: RIP: received v2 update from 172.16.1.1 on Serial1/0
*Mar  1 00:19:24.479:      10.1.1.0/24 via 0.0.0.0 in 1 hops
Then check the routing table with show ip route (omitted here); it is the same as the routing table at the beginning.
OK, the lab is complete.
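
An added example (not part of the original post) that models the two authentication modes used in this lab, following the RFC 2453 simple-password and RFC 2082 keyed-MD5 packet layouts: in text mode the key-string travels inside the update, while in MD5 mode only a digest is sent and the receiver recomputes it, which is the check behind the "invalid authentication" debug line. The function names and the sample route are constructed for illustration, and field details on a real IOS device may differ.

```python
import hashlib
import hmac
import struct

AUTH_TEXT, AUTH_MD5 = 2, 3               # RIPv2 authentication types
HEADER = struct.pack("!BBH", 2, 2, 0)    # command=response, version=2, unused

def route_entry(prefix: bytes, mask: bytes, metric: int) -> bytes:
    # AFI 2 (IP), route tag 0, prefix, mask, next hop 0.0.0.0, metric
    return struct.pack("!HH4s4s4sI", 2, 0, prefix, mask, bytes(4), metric)

def build_text(entries: bytes, key: bytes) -> bytes:
    # Text mode: the auth entry carries the key itself, zero-padded to 16 bytes.
    return HEADER + struct.pack("!HH16s", 0xFFFF, AUTH_TEXT, key) + entries

def build_md5(entries: bytes, key: bytes, key_id: int, seq: int) -> bytes:
    body_len = len(HEADER) + 20 + len(entries)   # offset of the trailer
    auth = struct.pack("!HHHBBI8x", 0xFFFF, AUTH_MD5, body_len, key_id, 16, seq)
    head = HEADER + auth + entries + struct.pack("!HH", 0xFFFF, 1)
    # The digest covers the packet plus the padded key; only the digest is sent.
    return head + hashlib.md5(head + key.ljust(16, b"\0")).digest()

def verify_md5(packet: bytes, key: bytes) -> bool:
    if len(packet) < 24:                          # too short to hold an auth entry
        return False
    marker, auth_type, body_len, _kid, dlen, _seq = struct.unpack(
        "!HHHBBI", packet[4:16])
    if marker != 0xFFFF or auth_type != AUTH_MD5 or dlen != 16:
        return False
    if len(packet) != body_len + 4 + dlen:        # trailer must end the packet
        return False
    head, received = packet[:body_len + 4], packet[body_len + 4:]
    expected = hashlib.md5(head + key.ljust(16, b"\0")).digest()
    return hmac.compare_digest(expected, received)

# Constructed sample: R1 advertising 10.1.1.0/24 with the lab's key-string "key".
ENTRIES = route_entry(bytes([10, 1, 1, 0]), bytes([255, 255, 255, 0]), 1)
TEXT_PKT = build_text(ENTRIES, b"key")
MD5_PKT = build_md5(ENTRIES, b"key", key_id=1, seq=1)

if __name__ == "__main__":
    print("key visible in text-mode packet:", b"key" in TEXT_PKT)
    print("key visible in MD5-mode packet: ", b"key" in MD5_PKT)
    print("receiver with matching key:     ", verify_md5(MD5_PKT, b"key"))
    print("receiver with different key:    ", verify_md5(MD5_PKT, b"other"))
```
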

This article comes from the “★Beckham~23” blog; please be sure to keep this source: http://loveme23.blog.51cto.com/7891/29977





    Comments
 
2007-06-13 18:52:19
  Nice, a very in-depth understanding. But are R1, R2, R3 and R4 all mutual? Can they all authenticate each other?

2007-06-13 19:03:32
As long as a key chain is configured on the router and applied to the interface, mutual authentication can be achieved.

 
